A continuing OCSP journey.....
R3wted
Member Posts: 6 ■□□□□□□□□□
Hi Everyone,
Working full time my path down OSCP has been long and slow lol. I started about 11 months ago and now have 21 host fully rooted. Although I am definitely no guru, I am happy to share any knowledge that may help people.
I look forward to getting to know you all better.
Cheers
Working full time my path down OSCP has been long and slow lol. I started about 11 months ago and now have 21 host fully rooted. Although I am definitely no guru, I am happy to share any knowledge that may help people.
I look forward to getting to know you all better.
Cheers
Comments
-
soccarplayer29 Member Posts: 230 ■■■□□□□□□□I enjoy your username play on words It might be beneficial to jumpstart this discussion with some introduction about yourself, your journey toward OSCP (previous work experience, certifications, study materials, etc.).
Welcome to TE!Certs: CISSP, CISA, PMP -
mysticag Registered Users Posts: 1 ■□□□□□□□□□Hi R3wted,
I am planning to do OSCP certification. I would like to know what are the basics I need to brush up before starting the labs. My background is I am a Automation Test Analyst have Masters in Security Technologies, so I have little bit idea about security and programming.
Any pointers will be helpful.
Cheers -
R3wted Member Posts: 6 ■□□□□□□□□□Hi Soccarplayer
Thanks for the welcome. I am currently working as a systems administrator at a hospital. I decided I wanted to specialize and chose OSCP on the basis it was a hands on the course and the certification was highly regarded in the industry.The challenge for me doing this course was it was completely new for someone who is completely self taught Fortunately I have made friends who are doing the same course. One has given me numerous URL's to use and well as recommending vulnhub for extra practice
My Main Study books would be RTFM, Web Application Hackers Handbook, Hackers Playbook2
The 21 Hosts hosts I have rooted so far are ALICE,RALPH,PAYDAY,BOB,BOB2,JD,DJ,ORACLE,DOTTY,JEFF,BARRY,MIKE, TOPHAT,KRACKEN,SUSIE,HELPDESK,SEAN,MAIL,TIMECLOCK,KEVIN,.234
Some machines have been real tricky which makes owning then all the bigger buzz -
R3wted Member Posts: 6 ■□□□□□□□□□Hi mysticag
Firstly good on you for planning to to do OSCP. I would recommend having a play around vulnhub. I didn't know about it until I started the course . I great prep tool I would say
Read as many reviews as yo can. It gave me an idea of what to expect. Knowing a bit of programing is a help and also a good understanding of linux. All these thing I have had to learn on the way.
The course is very rewarding however -
p@r0tuXus Member Posts: 532 ■■■■□□□□□□numerous URL's to use
Congrats on your challenge and good luck. I hope to do this by next year. Care to share these URLs?Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE -
R3wted Member Posts: 6 ■□□□□□□□□□Congrats on your challenge and good luck. I hope to do this by next year. Care to share these URLs?
Penetration Testing Methodology - 0DAYsecurity.com
Creating Metasploit Payloads
Reverse Shell **** Sheet | pentestmonkey
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Converting Metasploit Module to Stand Alone
FuzzySecurity | Windows Privilege Escalation Fundamentals
Converting Metasploit Module to Stand Alone
http://www.gironsec.com/WebHacking101.pdf
MSSQL Injection **** Sheet | pentestmonkey
Creating Metasploit Payloads
These are probably my most widely used. Hope they help in some way for you -
p@r0tuXus Member Posts: 532 ■■■■□□□□□□That was fantastic and exactly what I hoped for, you are a gentleman and a scholar.Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE -
Dr. Fluxx Member Posts: 98 ■■□□□□□□□□Penetration Testing Methodology - 0DAYsecurity.com
Creating Metasploit Payloads
Reverse Shell **** Sheet | pentestmonkey
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Converting Metasploit Module to Stand Alone
FuzzySecurity | Windows Privilege Escalation Fundamentals
Converting Metasploit Module to Stand Alone
http://www.gironsec.com/WebHacking101.pdf
MSSQL Injection **** Sheet | pentestmonkey
Creating Metasploit Payloads
These are probably my most widely used. Hope they help in some way for you
Definitely going to check all of these links out. -
R3wted Member Posts: 6 ■□□□□□□□□□That was fantastic and exactly what I hoped for, you are a gentleman and a scholar.
You're welcome p@r0tuXus. When are you looking at doing yours? Happy to give nudges where I can -
p@r0tuXus Member Posts: 532 ■■■■□□□□□□By year's end, I hope to submit my application/paperwork. Ideally I'd like to start with a 90-day lab access by October 1st. I'm working on L+/LPIC-1 right now and plan to get the CEH and eJPT before I start the OSCP. I think they'll all give me the footing I need to approach it confidently and by the end of the exam I should have a solid cert list I can apply to a world-wide company HQ'd where I'm at. If I get hired there, they'll probably pay for it, so then I could start sooner. If money matters work out by June 1st, I'd like to start CEH, otherwise I"ll have to do it sometime in September. I have solid goals, just flexible timelines because of money. Ah well, it'll happen!Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE -
Clm Member Posts: 444 ■■■■□□□□□□Question since you have been going at it for 11 months are you just buying more labtime or did you use your labtime up and waiting to test when readyI find your lack of Cloud Security Disturbing!!!!!!!!!
Connect with me on LinkedIn https://www.linkedin.com/in/myerscraig -
Dr. Fluxx Member Posts: 98 ■■□□□□□□□□By year's end, I hope to submit my application/paperwork. Ideally I'd like to start with a 90-day lab access by October 1st. I'm working on L+/LPIC-1 right now and plan to get the CEH and eJPT before I start the OSCP. I think they'll all give me the footing I need to approach it confidently and by the end of the exam I should have a solid cert list I can apply to a world-wide company HQ'd where I'm at. If I get hired there, they'll probably pay for it, so then I could start sooner. If money matters work out by June 1st, I'd like to start CEH, otherwise I"ll have to do it sometime in September. I have solid goals, just flexible timelines because of money. Ah well, it'll happen!
Im also doing the same as far as Linux Plus goes.
But i decided against the CEH.
Its really expensive for what you get.
Ive heard the ejpt would be better spent because of its practicality and direct preparation for the OSCP.
But what it boils down to is cost. For about 300 more US bucks, you can get 30 days for the OSCP, which I felt was much more valuable.
If it was cheaper, by about 300 bucks...being an HR filter as it is, id consider the CEH. -
p@r0tuXus Member Posts: 532 ■■■■□□□□□□Im also doing the same as far as Linux Plus goes.
But i decided against the CEH.
Its really expensive for what you get.
Ive heard the ejpt would be better spent because of its practicality and direct preparation for the OSCP.
But what it boils down to is cost. For about 300 more US bucks, you can get 30 days for the OSCP, which I felt was much more valuable.
If it was cheaper, by about 300 bucks...being an HR filter as it is, id consider the CEH.
I completely understand. I need all the HR filter buffs I can get, I don't have a B.S. or even an A.S. I have a lot of experience in IT, most of it along the lower wrungs though, Helpdesk, NOC, Tech Support type stuff. I had some network hands-on experience with the NOC but not enough to justify calling myself an engineer. With more labbing and certifications, I'm hoping to lay groundwork for the certs and with enough I should be able to breeze through a B.S. at WGU in a year or two. I think a CEH, OSCP & CISSP in 2 years is doable and will get me more money in the short-term to make the B.S. attainable within that time as well.Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE -
Dr. Fluxx Member Posts: 98 ■■□□□□□□□□I see. Im on the fence on the CISSP...its seeming to be saturated, especially in the govt sector.
Id look into it after getting the OSCP and quite possibly the OSWA.
Cuz web apps and securing them with pen testing is also becoming huge.
I also don't want to burn myself out. -
22306 Member Posts: 223 ■■□□□□□□□□hey if you like, join a discord group chat we have https://discord.gg/AQwaeGf almost everyone is either working on OSCP or waiting for the start date. come